Changeset 4535 for trunk/wp-admin/upload-js.php

Timestamp:

11/28/2006 09:51:13 PM (19 years ago)

Author:

ryan

Message:

Use js_escape. Props nbachiyski. fixes #3399

File:

• trunk/wp-admin/upload-js.php (modified) (3 diffs)

trunk/wp-admin/upload-js.php

@@ -98 +98 @@
             h += "<table>";
             if ( this.currentImage.thumb ) {
-                h += "<tr><th style='padding-bottom:.5em'><?php echo addslashes(__('Show:')); ?></th><td style='padding-bottom:.5em'>";
-                h += "<label for='display-thumb'><input type='radio' name='display' id='display-thumb' value='thumb' checked='checked' /> <?php echo addslashes(__('Thumbnail')); ?></label><br />";
-                h += "<label for='display-full'><input type='radio' name='display' id='display-full' value='full' /> <?php echo addslashes(__('Full size')); ?></label>";
+                h += "<tr><th style='padding-bottom:.5em'><?php echo js_escape(__('Show:')); ?></th><td style='padding-bottom:.5em'>";
+                h += "<label for='display-thumb'><input type='radio' name='display' id='display-thumb' value='thumb' checked='checked' /> <?php echo js_escape(__('Thumbnail')); ?></label><br />";
+                h += "<label for='display-full'><input type='radio' name='display' id='display-full' value='full' /> <?php echo js_escape(__('Full size')); ?></label>";
                 h += "</td></tr>";
             }
 
-            h += "<tr><th><?php echo addslashes(__('Link to:')); ?></th><td>";
-            h += "<label for='link-file'><input type='radio' name='link' id='link-file' value='file' checked='checked'/> <?php echo addslashes(__('File')); ?></label><br />";
-            h += "<label for='link-page'><input type='radio' name='link' id='link-page' value='page' /> <?php echo addslashes(__('Page')); ?></label><br />";
-            h += "<label for='link-none'><input type='radio' name='link' id='link-none' value='none' /> <?php echo addslashes(__('None')); ?></label>";
+            h += "<tr><th><?php echo js_escape(__('Link to:')); ?></th><td>";
+            h += "<label for='link-file'><input type='radio' name='link' id='link-file' value='file' checked='checked'/> <?php echo js_escape(__('File')); ?></label><br />";
+            h += "<label for='link-page'><input type='radio' name='link' id='link-page' value='page' /> <?php echo js_escape(__('Page')); ?></label><br />";
+            h += "<label for='link-none'><input type='radio' name='link' id='link-none' value='none' /> <?php echo js_escape(__('None')); ?></label>";
             h += "</td></tr>";
 
             h += "<tr><td colspan='2'><p class='submit'>";
-            h += "<input type='button' class='button' name='send' onclick='theFileList.sendToEditor(" + id + ")' value='<?php echo addslashes(__('Send to editor')); ?> &raquo;' />";
+            h += "<input type='button' class='button' name='send' onclick='theFileList.sendToEditor(" + id + ")' value='<?php echo js_escape(__('Send to editor &raquo;')); ?>' />";
             h += "</p></td></tr></table>";
             h += "</form>";
@@ -135 +135 @@
                 params.ID = '';
                 params.action = '';
-                h += "<a href='" + this.urlData[0] + '?' + params.toQueryString() + "'  title='Browse your files' class='back'>&laquo; Back</a>";
-            } else {
-                h += "<a href='#' onclick='return theFileList.cancelView();'  title='Browse your files' class='back'>&laquo; Back</a>";
+                h += "<a href='" + this.urlData[0] + '?' + params.toQueryString() + "'  title='<?php echo js_escape(__('Browse your files')); ?>' class='back'>&laquo;  <?php echo js_escape(__('Back')); ?></a>";
+            } else {
+                h += "<a href='#' onclick='return theFileList.cancelView();'  title='<?php echo js_escape(__('Browse your files')); ?>' class='back'>&laquo; <?php echo js_escape(__('Back')); ?></a>";
             }
             h += "<div id='file-title'>"
             if ( !this.currentImage.isImage )
-                h += "<h2><a href='" + this.currentImage.srcBase + this.currentImage.src + "' onclick='return false;' title='Direct link to file'>" + this.currentImage.title + "</a></h2>";
+                h += "<h2><a href='" + this.currentImage.srcBase + this.currentImage.src + "' onclick='return false;' title='<?php echo js_escape(__('Direct link to file')); ?>'>" + this.currentImage.title + "</a></h2>";
             else
                 h += "<h2>" + this.currentImage.title + "</h2>";
             h += " &#8212; <span>";
-            h += "<a href='#' onclick='return theFileList.imageView(" + id + ");'>Insert</a>"
+            h += "<a href='#' onclick='return theFileList.imageView(" + id + ");'><?php js_escape(__('Insert')); ?></a>"
             h += "</span>";
             h += '</div>'
             h += "<div id='upload-file-view' class='alignleft'>";
             if ( this.currentImage.isImage ) {
-                h += "<a href='" + this.currentImage.srcBase + this.currentImage.src + "' onclick='return false;' title='Direct link to file'>";
+                h += "<a href='" + this.currentImage.srcBase + this.currentImage.src + "' onclick='return false;' title='<?php echo js_escape(__('Direct link to file')); ?>'>";
                 h += "<img src='" + ( this.currentImage.thumb ? this.currentImage.thumb : this.currentImage.src ) + "' alt='" + this.currentImage.title + "' width='" + this.currentImage.width + "' height='" + this.currentImage.height + "' />";
                 h += "</a>";
@@ -159 +159 @@
 
             h += "<table><col /><col class='widefat' /><tr>"
-            h += "<th scope='row'><label for='url'>URL</label></th>";
+            h += "<th scope='row'><label for='url'><?php echo js_escape(__('URL')); ?></label></th>";
             h += "<td><input type='text' id='url' class='readonly' value='" + this.currentImage.srcBase + this.currentImage.src + "' readonly='readonly' /></td>";
             h += "</tr><tr>";
-            h += "<th scope='row'><label for='post_title'>Title</label></th>";
+            h += "<th scope='row'><label for='post_title'><?php echo js_escape(__('Title')); ?></label></th>";
             h += "<td><input type='text' id='post_title' name='post_title' value='" + this.currentImage.title + "' /></td>";
             h += "</tr><tr>";
-            h += "<th scope='row'><label for='post_content'>Description</label></th>";
+            h += "<th scope='row'><label for='post_content'><?php echo js_escape(__('Description')); ?></label></th>";
             h += "<td><textarea name='post_content' id='post_content'>" + this.currentImage.description + "</textarea></td>";
-            h += "</tr><tr id='buttons' class='submit'><td colspan='2'><input type='button' id='delete' name='delete' class='delete alignleft' value='Delete File' onclick='theFileList.deleteFile(" + id + ");' />";
+            h += "</tr><tr id='buttons' class='submit'><td colspan='2'><input type='button' id='delete' name='delete' class='delete alignleft' value='<?php echo js_escape(__('Delete File')); ?>' onclick='theFileList.deleteFile(" + id + ");' />";
             h += "<input type='hidden' name='from_tab' value='" + this.tab + "' />";
             h += "<input type='hidden' name='action' id='action-value' value='save' />";
             h += "<input type='hidden' name='ID' value='" + id + "' />";
             h += "<input type='hidden' name='_wpnonce' value='" + this.nonce + "' />";
-            h += "<div class='submit'><input type='submit' value='Save &raquo;' /></div>";
+            h += "<div class='submit'><input type='submit' value='<?php echo js_escape(__('Save &raquo;')); ?>' /></div>";
             h += "</td></tr></table></form>";